github.com/juju/juju@v0.0.0-20240327075706-a90865de2538/core/secrets/rbac.go

github.com/juju/juju@v0.0.0-20240327075706-a90865de2538/core/secrets/rbac.go (about)

     1  // Copyright 2021 Canonical Ltd.
     2  // Licensed under the LGPLv3, see LICENCE file for details.
     3  
     4  package secrets
     5  
     6  // SecretRole is an access role on a secret.
     7  type SecretRole string
     8  
     9  const (
    10  	RoleNone   = SecretRole("")
    11  	RoleView   = SecretRole("view")
    12  	RoleRotate = SecretRole("rotate")
    13  	RoleManage = SecretRole("manage")
    14  )
    15  
    16  // IsValid returns true if r is a valid secret role.
    17  func (r SecretRole) IsValid() bool {
    18  	switch r {
    19  	case RoleNone, RoleView, RoleRotate, RoleManage:
    20  		return true
    21  	}
    22  	return false
    23  }
    24  
    25  func (r SecretRole) value() int {
    26  	switch r {
    27  	case RoleView:
    28  		return 1
    29  	case RoleRotate:
    30  		return 2
    31  	case RoleManage:
    32  		return 3
    33  	default:
    34  		return -1
    35  	}
    36  }
    37  
    38  func (r SecretRole) Allowed(wanted SecretRole) bool {
    39  	v1, v2 := r.value(), wanted.value()
    40  	if v1 < 0 || v2 < 0 {
    41  		return false
    42  	}
    43  	return v1 >= v2
    44  }